Index: addrtoname.c
===================================================================
RCS file: /usr/home/ncvs/src/contrib/tcpdump/addrtoname.c,v
retrieving revision 1.5
diff -u -r1.5 addrtoname.c
--- addrtoname.c	1998/09/15 19:46:59	1.5
+++ addrtoname.c	2000/10/30 22:45:58
@@ -525,7 +525,7 @@
 	tp->addr = i;
 	tp->nxt = newhnamemem();
 
-	(void)sprintf(buf, "%u", i);
+	(void)snprintf(buf, sizeof(buf), "%u", i);
 	tp->name = savestr(buf);
 	return (tp->name);
 }
@@ -551,7 +551,7 @@
 		while (table->name)
 			table = table->nxt;
 		if (nflag) {
-			(void)sprintf(buf, "%d", port);
+			(void)snprintf(buf, sizeof(buf), "%d", port);
 			table->name = savestr(buf);
 		} else
 			table->name = savestr(sv->s_name);
Index: print-atalk.c
===================================================================
RCS file: /usr/home/ncvs/src/contrib/tcpdump/print-atalk.c,v
retrieving revision 1.6
diff -u -r1.6 print-atalk.c
--- print-atalk.c	1998/09/15 19:46:59	1.6
+++ print-atalk.c	2000/10/30 22:46:07
@@ -495,7 +495,7 @@
 {
 	register struct hnamemem *tp, *tp2;
 	register int i = (atnet << 8) | athost;
-	char nambuf[256];
+	char nambuf[MAXHOSTNAMELEN + 20];
 	static int first = 1;
 	FILE *fp;
 
@@ -540,7 +540,7 @@
 		if (tp2->addr == i) {
 			tp->addr = (atnet << 8) | athost;
 			tp->nxt = newhnamemem();
-			(void)sprintf(nambuf, "%s.%d", tp2->name, athost);
+			(void)snprintf(nambuf, sizeof(nambuf), "%s.%d", tp2->name, athost);
 			tp->name = savestr(nambuf);
 			return (tp->name);
 		}
Index: print-fr.c
===================================================================
RCS file: /usr/home/ncvs/src/contrib/tcpdump/print-fr.c,v
retrieving revision 1.2
diff -u -r1.2 print-fr.c
--- print-fr.c	1998/01/01 04:13:43	1.2
+++ print-fr.c	2000/10/30 22:46:08
@@ -395,12 +395,12 @@
 		    break;
 		case LINK_VERIFY_IE_91:
 		case LINK_VERIFY_IE_94:
-		    sprintf(temp_str,"TX Seq: %3d, RX Seq: %3d",
+		    snprintf(temp_str, sizeof(temp_str), "TX Seq: %3d, RX Seq: %3d",
 			    ptemp[2], ptemp[3]);
 		    decode_str = temp_str;
 		    break;
 		case PVC_STATUS_IE:
-		    sprintf(temp_str,"DLCI %d: status %s %s",
+		    snprintf(temp_str,sizeof(temp_str), "DLCI %d: status %s %s",
 			    ((ptemp[2]&0x3f)<<4)+ ((ptemp[3]&0x78)>>3), 
 			    ptemp[4] & 0x8 ?"new,":" ",
 			    ptemp[4] & 0x2 ?"Active":"Inactive");
Index: print-icmp.c
===================================================================
RCS file: /usr/home/ncvs/src/contrib/tcpdump/print-icmp.c,v
retrieving revision 1.3
diff -u -r1.3 print-icmp.c
--- print-icmp.c	1997/05/27 02:17:32	1.3
+++ print-icmp.c	2000/10/30 22:46:08
@@ -172,7 +172,7 @@
 	register const struct ip *oip;
 	register const struct udphdr *ouh;
 	register u_int hlen, dport, mtu;
-	char buf[256];
+	char buf[MAXHOSTNAMELEN + 100];
 
 	dp = (struct icmp *)bp;
 	ip = (struct ip *)bp2;
@@ -191,7 +191,7 @@
 
 		case ICMP_UNREACH_PROTOCOL:
 			TCHECK(dp->icmp_ip.ip_p);
-			(void)sprintf(buf, "%s protocol %d unreachable",
+			(void)snprintf(buf, sizeof(buf), "%s protocol %d unreachable",
 				       ipaddr_string(&dp->icmp_ip.ip_dst),
 				       dp->icmp_ip.ip_p);
 			break;
@@ -205,21 +205,21 @@
 			switch (oip->ip_p) {
 
 			case IPPROTO_TCP:
-				(void)sprintf(buf,
+				(void)snprintf(buf, sizeof(buf),
 					"%s tcp port %s unreachable",
 					ipaddr_string(&oip->ip_dst),
 					tcpport_string(dport));
 				break;
 
 			case IPPROTO_UDP:
-				(void)sprintf(buf,
+				(void)snprintf(buf, sizeof(buf),
 					"%s udp port %s unreachable",
 					ipaddr_string(&oip->ip_dst),
 					udpport_string(dport));
 				break;
 
 			default:
-				(void)sprintf(buf,
+				(void)snprintf(buf, sizeof(buf),
 					"%s protocol %d port %d unreachable",
 					ipaddr_string(&oip->ip_dst),
 					oip->ip_p, dport);
@@ -234,11 +234,11 @@
 			mp = (struct mtu_discovery *)&dp->icmp_void;
                         mtu = EXTRACT_16BITS(&mp->nexthopmtu);
                         if (mtu)
-			    (void)sprintf(buf,
+			    (void)snprintf(buf, sizeof(buf),
 				"%s unreachable - need to frag (mtu %d)",
 				ipaddr_string(&dp->icmp_ip.ip_dst), mtu);
                         else
-			    (void)sprintf(buf,
+			    (void)snprintf(buf, sizeof(buf),
 				"%s unreachable - need to frag",
 				ipaddr_string(&dp->icmp_ip.ip_dst));
 			}
@@ -247,7 +247,7 @@
 		default:
 			fmt = tok2str(unreach2str, "#%d %%s unreachable",
 			    dp->icmp_code);
-			(void)sprintf(buf, fmt,
+			(void)snprintf(buf, sizeof(buf), fmt,
 			    ipaddr_string(&dp->icmp_ip.ip_dst));
 			break;
 		}
@@ -257,7 +257,7 @@
 		TCHECK(dp->icmp_ip.ip_dst);
 		fmt = tok2str(type2str, "redirect-#%d %%s to net %%s",
 		    dp->icmp_code);
-		(void)sprintf(buf, fmt,
+		(void)snprintf(buf, sizeof(buf), fmt,
 		    ipaddr_string(&dp->icmp_ip.ip_dst),
 		    ipaddr_string(&dp->icmp_gwaddr));
 		break;
@@ -277,30 +277,30 @@
 		cp = buf + strlen(buf);
 		lifetime = EXTRACT_16BITS(&ihp->ird_lifetime);
 		if (lifetime < 60)
-			(void)sprintf(cp, "%u", lifetime);
+			(void)snprintf(cp, sizeof(buf) - strlen(buf), "%u", lifetime);
 		else if (lifetime < 60 * 60)
-			(void)sprintf(cp, "%u:%02u",
+			(void)snprintf(cp, sizeof(buf) - strlen(buf), "%u:%02u",
 			    lifetime / 60, lifetime % 60);
 		else
-			(void)sprintf(cp, "%u:%02u:%02u",
+			(void)snprintf(cp, sizeof(buf) - strlen(buf), "%u:%02u:%02u",
 			    lifetime / 3600,
 			    (lifetime % 3600) / 60,
 			    lifetime % 60);
 		cp = buf + strlen(buf);
 
 		num = ihp->ird_addrnum;
-		(void)sprintf(cp, " %d:", num);
+		(void)snprintf(cp, sizeof(buf) - strlen(buf), " %d:", num);
 		cp = buf + strlen(buf);
 
 		size = ihp->ird_addrsiz;
 		if (size != 2) {
-			(void)sprintf(cp, " [size %d]", size);
+			(void)snprintf(cp, sizeof(buf) - strlen(buf), " [size %d]", size);
 			break;
 		}
 		idp = (struct id_rdiscovery *)&dp->icmp_data;
 		while (num-- > 0) {
 			TCHECK(*idp);
-			(void)sprintf(cp, " {%s %u}",
+			(void)snprintf(cp, sizeof(buf) - strlen(buf), " {%s %u}",
 			    ipaddr_string(&idp->ird_addr),
 			    EXTRACT_32BITS(&idp->ird_pref));
 			cp = buf + strlen(buf);
@@ -321,25 +321,25 @@
 			break;
 
 		default:
-			(void)sprintf(buf, "time exceeded-#%d", dp->icmp_code);
+			(void)snprintf(buf, sizeof(buf), "time exceeded-#%d", dp->icmp_code);
 			break;
 		}
 		break;
 
 	case ICMP_PARAMPROB:
 		if (dp->icmp_code)
-			(void)sprintf(buf, "parameter problem - code %d",
+			(void)snprintf(buf, sizeof(buf), "parameter problem - code %d",
 					dp->icmp_code);
 		else {
 			TCHECK(dp->icmp_pptr);
-			(void)sprintf(buf, "parameter problem - octet %d",
+			(void)snprintf(buf, sizeof(buf), "parameter problem - octet %d",
 					dp->icmp_pptr);
 		}
 		break;
 
 	case ICMP_MASKREPLY:
 		TCHECK(dp->icmp_mask);
-		(void)sprintf(buf, "address mask is 0x%08x",
+		(void)snprintf(buf, sizeof(buf), "address mask is 0x%08x",
 		    (u_int32_t)ntohl(dp->icmp_mask));
 		break;
 
Index: print-sunrpc.c
===================================================================
RCS file: /usr/home/ncvs/src/contrib/tcpdump/print-sunrpc.c,v
retrieving revision 1.4
diff -u -r1.4 print-sunrpc.c
--- print-sunrpc.c	1998/09/15 19:46:59	1.4
+++ print-sunrpc.c	2000/10/30 22:46:09
@@ -126,7 +126,9 @@
 	rp = getrpcbynumber(prog);
 	if (rp == NULL)
 		(void) sprintf(buf, "#%u", prog);
-	else
-		strcpy(buf, rp->r_name);
+	else {
+		strncpy(buf, rp->r_name, sizeof(buf)-1);
+		buf[sizeof(buf)-1] = '\0';
+	}
 	return (buf);
 }
Index: util.c
===================================================================
RCS file: /usr/home/ncvs/src/contrib/tcpdump/util.c,v
retrieving revision 1.1.1.3
diff -u -r1.1.1.3 util.c
--- util.c	1998/09/15 19:36:31	1.1.1.3
+++ util.c	2000/10/30 22:46:09
@@ -154,7 +154,7 @@
 	}
 	if (fmt == NULL)
 		fmt = "#%d";
-	(void)sprintf(buf, fmt, v);
+	(void)snprintf(buf, sizeof(buf), fmt, v);
 	return (buf);
 }
 
